Rep. Franks: The True Threat of Cyber Attack

Your government has failed you… Every major company in the United States has already been penetrated by China.” These are alarming words. But that’s the analysis of our current cybersecurity status by Richard Clarke, the United States’ former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism. Indeed, the theft of digital information alone is said to cost American companies in the neighborhood of $250 billion every year. As one of only three members of Congress who currently holds a patent, I am keenly aware of the importance of intellectual property protection, a goal that is impossible without effective cybersecurity.

But while the economic effects of cyberattacks are already staggering and unquestionably must be addressed, the true threat is the prospect of a hacker — whether operating alone or backed by a rogue regime — infiltrating vital components of our infrastructure and wreaking havoc. The topic is a timely one. Just yesterday, it was reported that computer networks at major South Korean institutions, including banks and broadcasting networks, crashed simultaneously. Though unconfirmed, all signs seem to point to a cyberattack originating in North Korea.

A recent project by Deutsche Telekom, the parent company of T-Mobile, has highlighted just how ever-present the threat is. Earlier this month, the company set up 97 “honeypot” systems all over the world that appear to hackers to be vulnerable networks, computers, and websites. Deutsche Telekom created a map showing, in real-time, the number of attempted cyberattacks these systems were enduring, as well as the point of origin of the attempted attacks. A visit to the online map indicates a continually-flashing catalogue of world-wide attempted cyberattacks — with sometimes half a dozen or more attempted attacks occurring every second.

It is an overwhelming problem without one single, simple, comprehensive fix. But any attempt to address the issue absolutely must include provisions to facilitate voluntary information sharing. When cyberattacks occur, the entities affected must have an efficient and effective means of sharing relevant information with other companies that could find themselves at-risk, as well as with authorities. By pooling all of the information we have about the sources and nature of various cyberattacks, we are far more able to effectively respond, if not avoid the attacks entirely.

But in the midst of all the discussion above, we must not miss the forest for the trees by ignoring a less discussed threat to our infrastructure and electric grid: the prospect of an electromagnetic pulse (EMP) of either natural or man-made origin that could disable any electrical components on a catastrophic scale. Whether originating from the sun — we are currently in the middle of the “solar maximum,” during which the sun is expected to be most active — or from a rogue regime like Iran — which has conducted tests consistent with EMP attacks — such a burst of electromagnetic energy could disable large swaths of America’s electric grid and become the ultimate cybersecurity threat.

The threat has received attention from organizations ranging from NASA, the National Association of Scientists, and the Federal Energy Regulatory Commission. All of them reached the same conclusion: our civilian electric grid is vulnerable to EMP. Ongoing and largely successful efforts over the years have hardened much of our critical defense apparatus to electromagnetic pulse. However, in the continental United States, the Department of Defense depends upon an unsecured civilian grid for 99 percent of its electricity supply, without which it cannot successfully effect its mission. Thus our ability to defend the homeland, as well as much of our ability even to function as a modern society, would be greatly compromised should we find ourselves unprepared in the face of a major unexpected attack or a solar event like the 1859 solar superstorm (or Carrington Event) that caused aurorae worldwide, and knocked out telegraph systems — the only major electrical system in the world at the time — all over Europe and North America. Telegraph systems were so overwhelmed by the burst of energy that fires were started by the sparking telegraph pylons. Another large solar event occurred in 1921, and the National Academy of Sciences predicts this effect will recur globally approximately once every 100 years. In other words, we could be due for another occurrence.

It is time we take the relatively inexpensive steps necessary to make our transformers and other major grid components survivable to such a threat to our national security.

To that end, as Chairman of the Congressional EMP Caucus, I introduced the SHIELD Act (H.R. 668) last Congress and will soon reintroduce it in the new Congress. The bill would finally take the first critical measures to protect our grid from a potentially catastrophic electromagnetic pulse.

We live in an almost miraculous digital age. Unfortunately, our modern electric technologies are far more susceptible to cyber attack and electromagnetic pulse than ever before, and we are far more reliant on those systems than ever before. This year, even as we witness what NASA has called “unexpected” solar activity, along with the threat posed by radical regimes with nuclear weapons capability, may we seize the opportunity to finally begin to systematically address all dangerous cyber threats, including those that could be precipitated by a major man-made or natural electromagnetic pulse, and begin to ensure that our reliance on digital systems is finally matched by our ability to defend those systems.